Class: HTTPI::Auth::SSL
- Inherits:
-
Object
- Object
- HTTPI::Auth::SSL
- Defined in:
- lib/httpi/auth/ssl.rb
Overview
HTTPI::Auth::SSL
Provides SSL client authentication.
Constant Summary collapse
- VERIFY_MODES =
[:none, :peer, :fail_if_no_peer_cert, :client_once]
- CERT_TYPES =
[:pem, :der]
- SSL_VERSIONS =
[:TLSv1, :SSLv2, :SSLv3]
Instance Attribute Summary collapse
-
#ca_cert ⇒ Object
Returns an
OpenSSL::X509::Certificate
for theca_cert_file
. -
#ca_cert_file ⇒ Object
Accessor for the cacert file to validate SSL certificates.
-
#cert ⇒ Object
Returns an
OpenSSL::X509::Certificate
for thecert_file
. -
#cert_file ⇒ Object
Accessor for the cert file to validate SSL connections.
-
#cert_key ⇒ Object
Returns an
OpenSSL::PKey
subclass (usuallyOpenSSL::PKey::RSA
) for thecert_key_file
. -
#cert_key_file ⇒ Object
Accessor for the cert key file to validate SSL certificates.
-
#cert_key_password ⇒ Object
Accessor for the cert key password to validate SSL certificates.
Instance Method Summary collapse
-
#cert_type ⇒ Object
Returns the cert type to validate SSL certificates PEM|DER.
-
#cert_type=(type) ⇒ Object
Sets the cert type to validate SSL certificates PEM|DER.
-
#openssl_verify_mode ⇒ Object
Returns the SSL verify mode as a
OpenSSL::SSL::VERIFY_*
constant. -
#present? ⇒ Boolean
Returns whether SSL configuration is present.
-
#ssl_version ⇒ Object
Returns the SSL version number.
-
#ssl_version=(version) ⇒ Object
Sets the SSL version number.
-
#verify_mode ⇒ Object
Returns the SSL verify mode.
-
#verify_mode=(mode) ⇒ Object
Sets the SSL verify mode.
Instance Attribute Details
#ca_cert ⇒ Object
Returns an OpenSSL::X509::Certificate
for the ca_cert_file
.
88 89 90 |
# File 'lib/httpi/auth/ssl.rb', line 88 def ca_cert @ca_cert ||= OpenSSL::X509::Certificate.new File.read(ca_cert_file) end |
#ca_cert_file ⇒ Object
Accessor for the cacert file to validate SSL certificates.
32 33 34 |
# File 'lib/httpi/auth/ssl.rb', line 32 def ca_cert_file @ca_cert_file end |
#cert ⇒ Object
Returns an OpenSSL::X509::Certificate
for the cert_file
.
80 81 82 |
# File 'lib/httpi/auth/ssl.rb', line 80 def cert @cert ||= (OpenSSL::X509::Certificate.new File.read(cert_file) if cert_file) end |
#cert_file ⇒ Object
Accessor for the cert file to validate SSL connections.
29 30 31 |
# File 'lib/httpi/auth/ssl.rb', line 29 def cert_file @cert_file end |
#cert_key ⇒ Object
Returns an OpenSSL::PKey
subclass (usually OpenSSL::PKey::RSA
) for the cert_key_file
.
96 97 98 |
# File 'lib/httpi/auth/ssl.rb', line 96 def cert_key @cert_key ||= (OpenSSL::PKey.read(File.read(cert_key_file), cert_key_password) if cert_key_file) end |
#cert_key_file ⇒ Object
Accessor for the cert key file to validate SSL certificates.
23 24 25 |
# File 'lib/httpi/auth/ssl.rb', line 23 def cert_key_file @cert_key_file end |
#cert_key_password ⇒ Object
Accessor for the cert key password to validate SSL certificates.
26 27 28 |
# File 'lib/httpi/auth/ssl.rb', line 26 def cert_key_password @cert_key_password end |
Instance Method Details
#cert_type ⇒ Object
Returns the cert type to validate SSL certificates PEM|DER.
35 36 37 |
# File 'lib/httpi/auth/ssl.rb', line 35 def cert_type @cert_type ||= :pem end |
#cert_type=(type) ⇒ Object
Sets the cert type to validate SSL certificates PEM|DER.
40 41 42 43 44 45 46 47 |
# File 'lib/httpi/auth/ssl.rb', line 40 def cert_type=(type) unless CERT_TYPES.include? type raise ArgumentError, "Invalid SSL cert type #{type.inspect}\n" + "Please specify one of #{CERT_TYPES.inspect}" end @cert_type = type end |
#openssl_verify_mode ⇒ Object
Returns the SSL verify mode as a OpenSSL::SSL::VERIFY_*
constant.
104 105 106 107 108 109 110 111 |
# File 'lib/httpi/auth/ssl.rb', line 104 def openssl_verify_mode case verify_mode when :none then OpenSSL::SSL::VERIFY_NONE when :peer then OpenSSL::SSL::VERIFY_PEER when :fail_if_no_peer_cert then OpenSSL::SSL::VERIFY_FAIL_IF_NO_PEER_CERT when :client_once then OpenSSL::SSL::VERIFY_CLIENT_ONCE end end |
#present? ⇒ Boolean
Returns whether SSL configuration is present.
16 17 18 19 20 |
# File 'lib/httpi/auth/ssl.rb', line 16 def present? (verify_mode == :none) || (cert && cert_key) || ca_cert_file rescue TypeError, Errno::ENOENT false end |
#ssl_version ⇒ Object
Returns the SSL version number. Defaults to nil
(auto-negotiate).
65 66 67 |
# File 'lib/httpi/auth/ssl.rb', line 65 def ssl_version @ssl_version end |
#ssl_version=(version) ⇒ Object
Sets the SSL version number. Expects one of HTTPI::Auth::SSL::SSL_VERSIONS
.
70 71 72 73 74 75 76 77 |
# File 'lib/httpi/auth/ssl.rb', line 70 def ssl_version=(version) unless SSL_VERSIONS.include? version raise ArgumentError, "Invalid SSL version #{version.inspect}\n" + "Please specify one of #{SSL_VERSIONS.inspect}" end @ssl_version = version end |
#verify_mode ⇒ Object
Returns the SSL verify mode. Defaults to :peer
.
50 51 52 |
# File 'lib/httpi/auth/ssl.rb', line 50 def verify_mode @verify_mode ||= :peer end |
#verify_mode=(mode) ⇒ Object
Sets the SSL verify mode. Expects one of HTTPI::Auth::SSL::VERIFY_MODES
.
55 56 57 58 59 60 61 62 |
# File 'lib/httpi/auth/ssl.rb', line 55 def verify_mode=(mode) unless VERIFY_MODES.include? mode raise ArgumentError, "Invalid SSL verify mode #{mode.inspect}\n" + "Please specify one of #{VERIFY_MODES.inspect}" end @verify_mode = mode end |